Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame^] | 1 | From dc68faf8339a885bc55fabe5b01f1de4f8f3782c Mon Sep 17 00:00:00 2001 |
| 2 | From: Kai Kang <kai.kang@windriver.com> |
| 3 | Date: Wed, 13 May 2015 16:30:53 +0800 |
| 4 | Subject: [PATCH 1/2] gst-ffmpeg: fix CVE-2014-9603 |
| 5 | |
| 6 | Upstream-Status: Backport |
| 7 | |
| 8 | Upstream is version 2.x and vmdav.c is splitted into 2 files vmdaudio.c |
| 9 | and vmdvideo.c. Becuase source code changes, just partly backport commit which |
| 10 | is applicable to version 0.10.13 to fix CVE-2014-9603. |
| 11 | |
| 12 | http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd |
| 13 | |
| 14 | Signed-off-by: Kai Kang <kai.kang@windriver.com> |
| 15 | --- |
| 16 | gst-libs/ext/libav/libavcodec/vmdav.c | 7 +++++-- |
| 17 | 1 file changed, 5 insertions(+), 2 deletions(-) |
| 18 | |
| 19 | diff --git a/gst-libs/ext/libav/libavcodec/vmdav.c b/gst-libs/ext/libav/libavcodec/vmdav.c |
| 20 | index d258252..ba88ad8 100644 |
| 21 | --- a/gst-libs/ext/libav/libavcodec/vmdav.c |
| 22 | +++ b/gst-libs/ext/libav/libavcodec/vmdav.c |
| 23 | @@ -294,10 +294,13 @@ static void vmd_decode(VmdVideoContext *s) |
| 24 | len = *pb++; |
| 25 | if (len & 0x80) { |
| 26 | len = (len & 0x7F) + 1; |
| 27 | - if (*pb++ == 0xFF) |
| 28 | + if (*pb++ == 0xFF) { |
| 29 | len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); |
| 30 | - else |
| 31 | + } else { |
| 32 | + if (ofs + len > frame_width) |
| 33 | + return; |
| 34 | memcpy(&dp[ofs], pb, len); |
| 35 | + } |
| 36 | pb += len; |
| 37 | ofs += len; |
| 38 | } else { |
| 39 | -- |
| 40 | 1.9.1 |
| 41 | |